Submission #765399: RyuzakiShinji biome-mcp-server <=1.0.0 Command Injection

Title: RyuzakiShinji biome-mcp-server <=1.0.0 Command Injection
Description: A command injection vulnerability exists in biome-mcp-server due to unsafe use of child_process.exec when constructing Biome CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
Source: https://github.com/RyuzakiShinji/biome-mcp-server/pull/1
User: Yinci Chen (UID 94659)
Submitted: 2026-02-22 10:41 AM (2 months ago)
Moderation: 2026-03-06 10:25 PM (12 days later)
Status: Accepted
VulDB entry: 349582 [RyuzakiShinji biome-mcp-server up to 1.0.0 biome-mcp-server.ts privilege escalation]
Points: 18
